exploitDog

GHSA-vwf2-95mj-6g95

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.

Ссылки

EPSS

Процентиль: 53%

0.00301

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-20727

CVSS3: 6.1

nvd

больше 4 лет назад

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.

EPSS

Процентиль: 53%

0.00301

Низкий

CVE ID

Дефекты

CWE-79